CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,246 vulnerabilities with CWE-79
CVE-2025-28879
MEDIUM
Bee Layer Slider <= 1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-28878
MEDIUM
Awesome Surveys <= 2.0.10 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28875
MEDIUM
shanebp BP Email Assign Templates <= 1.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28871
MEDIUM
Block Spam By Math Reloaded <= 2.2.4 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28870
MEDIUM
amoCRM WebForm <= 1.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-2207
LOW
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sys/dept Name Parameter
CVSS 2.4
CVE-2025-2206
LOW
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sys/permission Name Parameter
CVSS 2.4
CVE-2025-25929
MEDIUM
OpenMRS 2.4.3 - Reflected Cross-Site Scripting via QuickReportServlet reportType Parameter
CVSS 5.4
CVE-2025-25925
MEDIUM
OpenMRS v2.4.3 Build 0ff0ed - Stored Cross-Site Scripting via personName.middleName Parameter
CVSS 4.8
CVE-2025-25747
MEDIUM
HotelDruid 3.0.7 - Cross-Site Scripting via ripristina_backup Parameter
CVSS 5.4
CVE-2025-2196
LOW
MRCMS 3.1.2 - Cross-Site Scripting via File Upload Path Parameter
CVSS 3.5
CVE-2025-2195
LOW
MRCMS 3.1.2 - Cross-Site Scripting in File Rename Function
CVSS 3.5
CVE-2025-2194
LOW
MRCMS 3.1.2 - Cross-Site Scripting in File Controller Path Parameter
CVSS 3.5
CVE-2025-2191
LOW
Claro A7600-A1 RNR4-A72T-2x16_v2110403_CLA_32_160817 - XSS
CVSS 2.4
CVE-2025-1434
MEDIUM
Topkapi Vision Webserv2 1.0.0-6.2.5474 - Unauthenticated Stored Cross-Site Scripting in Spreadsheet View
CVSS 6.1
CVE-2025-0629
MEDIUM
Coronavirus (COVID-19) Notice Message WP <1.1.2 - XSS
CVSS 4.8
CVE-2025-27434
HIGH
SAP Commerce (Swagger UI) COM_CLOUD 2211 - Unauthenticated Cross-Site Scripting
CVSS 8.8
CVE-2025-27431
MEDIUM
SAP NetWeaver Application Server Java - XSS
CVSS 5.4
CVE-2025-26659
MEDIUM
SAP NetWeaver Application Server ABAP - XSS
CVSS 6.1
CVE-2025-25245
MEDIUM
SAP BusinessObjects Web Intelligence - XSS
CVSS 5.4
CVE-2025-25242
MEDIUM
SAP NetWeaver Application Server ABAP - XSS
CVSS 6.1
CVE-2025-0062
MEDIUM
SAP BusinessObjects Business Intelligence Platform - Stored Cross-Site Scripting in Web Intelligence Reports
CVSS 4.7
CVE-2025-27924
MEDIUM
Nintex Automation 5.6-5.7 - Stored Cross-Site Scripting via Navigate to a URL Action
CVSS 5.4
CVE-2025-25908
MEDIUM
tianti 2.3 - Stored Cross-Site Scripting via CoverImageURL Parameter
CVSS 5.4
CVE-2025-0660
MEDIUM
Concrete CMS 9.0.0-9.3.9 - Stored Cross-Site Scripting in Folder Name Input
CVSS 4.8
Details
Vulnerabilities
45,246
Exploit Likelihood
High